Uploaded image for project: 'Nuxeo Drive '
  1. Nuxeo Drive
  2. NXDRIVE-1884

[Windows] Update the timestamping service URL



    • Type: Task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.3.0
    • Component/s: Packaging / Build
    • Environment:


      I just received that email from DigiCert:

      Dear Mickael Schoentgen,

      Changes are coming to timestamping services operated by Symantec and DigiCert. We are contacting you because you have a Code Signing and/or Document Signing certificate, and you will need to make changes to your timestamping process when signing future executables or documents.

      If you sign executables or documents, but do not use timestamping, no action is required and these changes do not affect you. However, we highly recommend timestamping as it allows your signatures to remain valid after certificate expiration.

      What is happening?

      Symantec timestamping services are being shut down on October 31st, 2019. The URLs for these services are sha1timestamp.ws.symantec.com and sha256timestamp.ws.symantec.com
      The DigiCert timestamping service will change its IP address on October 23rd. The URL for this service is timestamp.digicert.com

      The new IP address will be:

      How does this affect me?

      Neither of these changes affect your existing signed/timestamped executables or documents. No action is required for them to continue working.
      If you do not use timestamping when you sign executables or documents, no action is required.
      If you do use timestamping, you will need to make changes to sign new executables or documents.

      Whether you use a Symantec or DigiCert Code Signing or Document Signing certificate, you need to use the DigiCert service as your timestamp URL in your signing tool: timestamp.digicert.com

      If necessary, whitelist this service so you can access it on your network. Due to the IP address change occurring on October 23rd, existing users may need to update their whitelist. We recommend whitelisting by domain name (timestamp.digicert.com), but if you are required to whitelist by IP, the new IP address will be:

      (Note this IP address could change in the future – if that happens, we will publish a change log ahead of any changes and contact you)

      Best regards,
      DigiCert Product Team

      So the URL we are using for codesigning, http://sha256timestamp.ws.symantec.com/sha256/timestamp, needs to be updated to http://timestamp.digicert.com/sha256/timestamp.




            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created:

                Time Tracking

                Original Estimate - Not Specified
                Not Specified
                Remaining Estimate - 0 minutes
                Time Spent - 5 minutes